In financial institutions across the United States, there’s a reflex that’s become almost ritual.
When a regulator walks in, or a board member asks whether the AML program is working, the answer is the same: “We just passed audit.” It’s delivered with confidence, sometimes even pride, as if the risk has been neutralized. But passing audit doesn’t mean your program is safe.
